The fact that most instances permit external image hosting permits obtaining user IP addresses by posting inline images hosted on a server created by an attacker, then harvesting IPs there. I noticed when going through the code that Lemmy, as of 0.19.4, has an option to protect users of a home instance by proxying images viewed there. However, it requires bandwidth and disk space, and I don’t think that many home instances have it on. It is definitely not on on my own home instance, lemmy.today.
There is a new config option called image_mode which provides a way to proxy external image links through the local instance. This prevents deanonymization attacks where an attacker uploads an image to his own server, embeds it in a Lemmy post and watches the IPs which load the image.
Instead if image_mode is set to ProxyAllImages, image urls are rewritten to be proxied through /api/v3/image_proxy. This can also improve performance and avoid overloading other websites. The setting works by rewriting links in new posts, comments and other places when they are inserted in the database. This means the setting has no effect on posts created before the setting was activated. And after disabling the setting, existing images will continue to be proxied. It should also be considered experimental.
Many thanks to @asonix for adding this functionality to pict-rs v0.5.
I don’t know whether PieFed and Mbin presently have comparable functionality.
One major issue is that proxying the images will create more bandwidth usage on a home node, since they’re serving up all the images viewed by users of that home node, as well as disk space to store the proxied images — it’s more-expensive to run a node in that mode.
Unless your home instance has this option enabled, you should probably consider your IP address to be globally-visible. Note that using a VPN will mean that only the VPN’s exit node IP will be visible.
The fact that most instances permit external image hosting permits obtaining user IP addresses by posting inline images hosted on a server created by an attacker, then harvesting IPs there. I noticed when going through the code that Lemmy, as of 0.19.4, has an option to protect users of a home instance by proxying images viewed there. However, it requires bandwidth and disk space, and I don’t think that many home instances have it on. It is definitely not on on my own home instance, lemmy.today.
0.19.4 release announcement:
I don’t know whether PieFed and Mbin presently have comparable functionality.
One major issue is that proxying the images will create more bandwidth usage on a home node, since they’re serving up all the images viewed by users of that home node, as well as disk space to store the proxied images — it’s more-expensive to run a node in that mode.
Unless your home instance has this option enabled, you should probably consider your IP address to be globally-visible. Note that using a VPN will mean that only the VPN’s exit node IP will be visible.